Received: by 10.213.65.68 with SMTP id h4csp283840imn; Mon, 12 Mar 2018 13:45:45 -0700 (PDT) X-Google-Smtp-Source: AG47ELt3/UgXC2nb50XqQWIS9M6M9JcynFp/Fokp69xqSKjj9rPq4sVhItxP0EAkQZvDwz8t5MDg X-Received: by 10.99.149.15 with SMTP id p15mr7786939pgd.154.1520887545388; Mon, 12 Mar 2018 13:45:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1520887545; cv=none; d=google.com; s=arc-20160816; b=FhPv+YIEkg04CVhEC5oR7llrL4C4OM8swz38ukHKmRsueHarPGZ5kNe43gyrWCpJOO AMN0jqsWea0vcrPKlRYHDskHvKPh4qAhcLczMMjWWgmepN2Zv/Ye8keJtgsqTATMh3vR FjMJP+cjvnEoDg88hCJOeAfcq0yTpENP41GiSZCoDy6iPJC2iM/Clc2tDjdfsDDNM1hU 5zK4PzqgntHEt8u3wgrtJuTj4ooHDZv3SJtQv6Po5K/tLyi7kM5P3FiefLLCzFkEvP4G J/ZRpfreQjktXBRG1fIo/zik/k2x/0n/2i8KJp2kdfoV4jz5CDFsMVoMlVI4ma/TrUpV Goeg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=l5uWyVYajA+rPYg9KwdDMNhN61UoB6lvwaC6bfy7HUs=; b=k5Dl59rqzqSbpFAKGVnZa/POgfvXszHqS3CQswOKUxV1vBU/9skBMwZg8sS4i6Zz9K JW4H4IAsYU//5hrXX4XOfVPTxE70frSxMz9kZrHjqzAOpWG7iGJj9UsaElEa6mZNpm2W jjNcuOngSKceFzsbFxCpSCQ+BptCutJhtszYZPWNIkM3QhmNqADSpgh0Pz8ePN/T484L A2E8RPAGUX5YEg048aTaEJc83HxFL+LYMQNDlOUw40wWDaWEahsK779dJTNfHezexi8r ZrV6qPd0RpGMu1nvn+c//bXg6854nBhxjGnZ/Nnf6BLakcD9l8WMX/b5EnbNjR+dzlMr /M4g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 12si5470893pgb.389.2018.03.12.13.45.30; Mon, 12 Mar 2018 13:45:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932354AbeCLUoQ (ORCPT + 99 others); Mon, 12 Mar 2018 16:44:16 -0400 Received: from mx2.suse.de ([195.135.220.15]:47566 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932266AbeCLUoP (ORCPT ); Mon, 12 Mar 2018 16:44:15 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id D1FCCAEFF; Mon, 12 Mar 2018 20:44:13 +0000 (UTC) Date: Mon, 12 Mar 2018 20:44:13 +0000 From: "Luis R. Rodriguez" To: Waiman Long Cc: "Luis R. Rodriguez" , Kees Cook , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Andrew Morton , Al Viro , Matthew Wilcox Subject: Re: [PATCH v4 1/6] sysctl: Add flags to support min/max range clamping Message-ID: <20180312204413.GY4449@wotan.suse.de> References: <1520885744-1546-1-git-send-email-longman@redhat.com> <1520885744-1546-2-git-send-email-longman@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1520885744-1546-2-git-send-email-longman@redhat.com> User-Agent: Mutt/1.6.0 (2016-04-01) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Mar 12, 2018 at 04:15:39PM -0400, Waiman Long wrote: > When minimum/maximum values are specified for a sysctl parameter in > the ctl_table structure with proc_dointvec_minmax() handler, update > to that parameter will fail with error if the given value is outside > of the required range. > > There are use cases where it may be better to clamp the value of > the sysctl parameter to the given range without failing the update, > especially if the users are not aware of the actual range limits. > Reading the value back after the update will now be a good practice > to see if the provided value exceeds the range limits. > > To provide this less restrictive form of range checking, a new flags > field is added to the ctl_table structure. > > When the CTL_FLAGS_CLAMP_RANGE flag is set in the ctl_table > entry, any update from the userspace will be clamped to the given > range without error if either the proc_dointvec_minmax() or the > proc_douintvec_minmax() handlers is used. You keep missing to document both on commit log and kdoc which end on the range is selected if you happen to go over. To be clear it is unclear from reading the commit log if a default is set if you go over if you pick another value. In this case it is conditional if you go over we pick the high range max, and if you go below the lower range minimum set allowed. What happens if no low range is set and that is what the issue in terms of range triggers? > Signed-off-by: Waiman Long > --- > include/linux/sysctl.h | 15 +++++++++++++++ > kernel/sysctl.c | 48 +++++++++++++++++++++++++++++++++++++++--------- > 2 files changed, 54 insertions(+), 9 deletions(-) > > diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h > index b769ecf..963e363 100644 > --- a/include/linux/sysctl.h > +++ b/include/linux/sysctl.h > @@ -116,6 +116,7 @@ struct ctl_table > void *data; > int maxlen; > umode_t mode; > + unsigned int flags; > struct ctl_table *child; /* Deprecated */ > proc_handler *proc_handler; /* Callback for text formatting */ > struct ctl_table_poll *poll; > @@ -123,6 +124,20 @@ struct ctl_table > void *extra2; > } __randomize_layout; > > +/** > + * enum ctl_table_flags - flags for the ctl table (struct ctl_table.flags) > + * > + * @CTL_FLAGS_CLAMP_RANGE: Set to indicate that the entry should be > + * flexibly clamped to min/max range in case the user provided > + * an incorrect value. It should be documented clearly here. So NACK for now. Luis